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ABSTRACT 



It is necessary to authenticate each access by permitting or 
refusing it when a cUent makes an access to a server in a 
client-server system in which clients and servers are inter- 
connected via a network. The client utilizes memory 
medium which stores both the server address and the 
memory medium's identification information. The client 
also uses a read-out device to fetch the contents of the 
memory medium and uses thus read out server address, to be 
connected to a desired server and then transmits the above- 
mentioned read out identification information to ask for 
server access permission. The server, in response, when 
having received a server access permission request from the 
client, compares the memory medium identification infor- 
mation sent upon permission requesting to identification 
information stored beforehand and, based on the comparison 
results, sends the client the authentication of server access 
permission or refusal. 

6 Claims, 6 Drawing Sheets 
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CLIENT-SERVER SYSTEM, SERVER 
ACCESS AUTHENTICATION METHOD, 
MEMORY MEDIUM STOICS SERVER- 
ACCESS AUTHENTICATION PROGRAMS, 
AND ISSUANCE DEVICE WHICH ISSUES 
THE MEMORY MEDIUM CONTENTS 

FIELD OF THE INVENTIGN 

This invention relates to a client-server system in which 
clients (client machines ) and servers(server machines) are 
interconnected via a network, a server access authentication 
method for use in this client-server system, a memory 
medium stores server access authentication programs, and 
an issuance device which issues the memory medium con- 
tents. 

PRIOR ART 

In the conventional server-client systems realized via a 
network, the user must input his login name and password 
so that his access to a server is authenticated. In response, 
the server decides whether the access should be permitted, 
by comparing those login name and password to those 
registered beforehand on his side. 

According to such conventional method, however, the 
user must remember his password and also input his login 
name and password, inflicting troublesome burdens on his 
own side. Moreover, this conventional method suffers from 
a respect that if a password is known to any other people, 
this password may possibly be used in an illegal server 
access. The present invention attempts to solve such a 
problem that exists in the server access authentication 
method in the conventional server-client systems. 

OBJECTS OF THE INVENTION 

It is therefore an object of the present invention to provide 
a server-client system and a server access authentication 
method whereby the user can easily obtain his legal server 
access and, at the same time, an illegal server access by 
others can be prevented. Other object of the present inven- 
tion is to provide memory medium stores server access 
authentication programs which realize such server-client 
system and server access authentication method. A different 
one object of the present invention is provide a issuing 
device which issues the memory medium contents. 

SUMMARY OF THE INVENTION 

A client-server system according to the present invention 
is used by clients and servers interconnected by the network, 
in which those clients have a read-out device which reads 
out the memory medium contents. The read-out device have 
detachably mounted memory medium which stores the 
server addresses and its own identification information. 

The clients have an access permission request means that 
the clients can use a desired server address read out using 
this read -out device, to be connected to the server, and can 
also clients send the memory medium identification infor- 
mation read out by it to request server access permission. 

The abovementioned server, on the other hand, has a 
memory means stores the memory medium identification 
information based on which a server access is to be permit- 
ted. And the server has access authentication control means 
for comparing the memory medium identification informa- 
tion stored in the memory means to the memory medium 
identification information that sent upon server access per- 
mission request by the client. 
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The access authentication control means sends server 
access permission or refiisal to the client, based on the 
comparison results. 

With this system, therefore, the cUent reads out both the 
5 server address and the memory medium identification infor- 
mation from the memory medium mounted on itself and 
then uses thus read out the server address, to be connected 
to the sever and, at the same time, sends thus read out the 
memory medium identification information to ask for server 
10 access permission. The server, on the other hand, compares 
the memory medium identification information sent upon 
server access permission requesting by the client to the 
identification information registered beforehand and, based 
on the comparison results, sends the authentication of server 
15 access permission or refusal. Thus, only the client having 
legal memory medium is given server access permission. 

In a client-server system as claimed in claim 2 of the 
present invention, the memory means mounted on the server, 
stores the information of a period for which a server access 
must be permitted according to the memory medium iden- 
tification information. The server access authentication con- 
trol means references this period information stored in the 
abovementioned memory means based on the memory 
medium identification information sent upon server access 
permission request by the client, to give authentication of 
server access permission or refusal to the client. Thus, the 
users can utilize the system by setting a period for which an 
access to the server is permitted. That is, a client having 
certain memory medium will be permitted to access the 
sever only on setting the period. 

A client-server system as claimed in claim 3 of the present 
invention features that memory medium stores both the 
server address and the identification information stored in 
memory medium are enciphered beforehand and would then 
be deciphered by decipherment means provided on the client 
when it has read them out. 

The server address and the identification information are 
thus enciphered beforehand, so that it is possible to prevent 
4Q illegal interception of the server address or the identification 
information. 

A client-server system as claimed in claim 4 of the present 
invention features that the memory medium stores one or a 
plurality of identification information pieces corresponding 

45 to a plurality of service pieces provided by the server. Thus, 
it is possible to serve the users by providing one or a 
plurality of service sections in a plurality of service pieces 
given by the server. 

A server access authentication method according to the 

50 present invention is used in the client-server system in which 
clients and servers are interconnected via a network. By this 
method the client reads out the contents of the memory 
medium that stores the server address and the memory 
medium identification information and uses this server 

55 address read out by the read-out device to be connected to 
the server and then sends the memory medium identification 
information read out by the abovementioned read-out device 
to ask for server access permission. The server, on the other 
hand, when having received server access permission 

60 request from the client, compares the memory medium 
identification information sent with this request to the 
memory medium identification information stored 
beforehand, for the permission of server access and, based 
on the comparison results, gives the authentication of server 

65 access permission or refusal to this client. Thus, only the 
clients having a legal memory medium are given a server 
access permission. 
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According to a server access authentication method as such programs different from the server access authentica- 

claimed in claim 6, the server beforehand stores the infor- tion first program, 
mation of a period for which a server access is to be 

permitted according to the identification information of BRIEF DESCRIPTION OF THE DRAWINGS 
memory medium. The server, based on the memory medium 5 piG_ i is a block diagram illustrating a client-server 

identification information sent upon server access permis- system related to the present invention; 

sion requesting from the client, references the aboyemen- j is a more detailed block diagram illustrating the 

tioned period information stored beforehand, to give this cHent-server system related to the present invention; 

client the authentication of server access permission or , . „ ... •. ■ .. .• c . 

refusal. Thus, it is possible to make up a system that a client lO .3 is a flowchart descnbmg the operation of the first 

with certain memory medium would have a defined period embodiment of the client-server system related to the 

for which his access is to be permitted. present invenUon; 

rn. 1' ^ u u c^^^^^ FIG. 4 is a diagram describing service provided by the 

The memory medium which stores the server access ^ ^t*. u 

^- A- *^ • first embodiment of the chent-server system related to the 

authentication program according to the present mvention . . ^ 

registers the server address and the memory medium iden- 15 present mvention; 

tification information. And also, the memory medium stores FIG. 5 is an identification key table employed by the first 

a first program to be used by a client computer. The embodiment of the client-server system related to the 

computer use the first program, reading out such the server present invention; 

addresses and the memory medium identification FIG. 6 is a diagram describing service provided by the 
information,and connecting to a desired server by using thus 20 second embodiment of the client-server system related to the 

read out the server address, and then transmits thus read out present invention; 

the memory medium identification information for server FIG. 7 is an identification key table employed by the 

access permission. Thus, it is possible to mount to a read-out second embodiment of the client-server system related to the 

device the memory medium which stores both the server present invention; 

addresses and the memory medium identification 25 pjQ ^ ^ flowchart describing the operation of the 

information, whose contents are then read out so that the second embodiment of the client-server system related to the 

stored programs can be executed. In this case, the client uses present invention; and 

thus read out server address, to be connected to the server 9 ^^^^^^^ flowchart describing the operation of the 

and, at the same time, transmits thus read out the memory second embodiment of the client-server system related to the 

medium identification information to ask for server access pj.gggjj^ invention 
permission. 

Memory medium as claimed in claim 8 of the present DETAILED DESCRIPTION OF THE 
invention, which stores server access authentication pro- INVENTION 
grams stores, together with the abovementioned first client-server system, server access authentication 
program, images data, music data, and other data or at least method, memory medium which stores the server access 
one of the programs different from this first program. Thus, authentication program, and issuance device for the memory 
it is possible to obtain the first program for server access contents related to the embodiments of the present invention 
authentication from the memory medium which stores will be described with reference to the accompanying draw- 
images data, music data, other data or also other programs ^ ^ ^j^ted that the same or similar reference 
than the first program. numerals are applied to the same or similar parts and 

A memory medium issuance device for issuing memory elements throughout the drawings, and the description of the 

medium which stores the server access authentication pro- same or similar parts and elements will be omitted. FIG. 1 

grams according to the present invention provides a memory shows a client-server system related to the embodiment of 

medium can be adapted to a computer system. The issuance the present invention. In this client-server system, a client 2 

device comprising load means. This load means load a and a server 1 are interconnected via a network 3, in which 

memory medium with the memory medium identification data is transferred between communication devices 12 and 

information for the server access must be permitted and the 22. 

server address in a network, and a first program which server 1 is constructed around the Central Processing 
permits the computer to read out said server address and the unit (CPU) U as the center, in which an input device 14 for 
memory medium identification information and uses thus inputting of commands or data and a display device 13 for 
read out the server address to be connected to the server and displaying of information are interconnected. The CPU 11 is 
then transmits thus readout the memory medium identifica- provided with memory means 16 which stores the identifi- 
tion information to ask for server access permission. Thus, nation information of memory medium 4 incorporating 
it is possible to store in the memory medium the identifi- CD-ROMs, floppy disks, CD EXTRAs, etc. Also, to the 
cation information of the memory medium to which the q^jj h connected a memory medium issuance device 15. 
server access stored on the server side must be permitted, -j^^ memory medium issuance device 15 reads the identi- 
this server's server address in the network, and the server fication information A for the server access must be permit- 
access authentication programs and then to issue them. fjo^ jhe memory means 16, and loads it to memory 

A memory medium issuance device as claimed in claim go medium 4. The issuance device 15 read the sever address 

10, which issues the memory medium which stores the from own memory, and loads it to memory medium 4. The 

server access authentication programs features a respect that server address is the address of the server 1 in the network 

it stores, as well as the abovementioned first program, image 3. In this case, the memory medium issuance device 15 need 

data, music data, and other data and at least one of those not always be part of the server 1 and may be independent 
programs different from this first program. ^5 of it. 

llius, it is possible to obtain memory medium which The memory medium 4 issued by the abovementioned 

stores the first program and images, music, and data and memory medium issuance device 15 is sold (or distributed) 
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and bought (got) by a client 2 user. The client 2 is con- etc. shown in FIG. 2. Also, in this embodiment, the server 

structed around the CPU 21 as the center, in which an input access authentication program is stored. The server access 

device 24 for inputting of commands and data and a display authentication program is read out by the read -out device 25, 

device 23 for displaying of information are interconnected. to act as an authentication client 54, corresponding to an 

Also, the CPU 21 is connected to a read-oul device 25. The 5 access permission request means 26, at the CPU 21 in such 

read-out device 25 detachably set memory medium 4 which ^ way that it would read out the server address and the 

stores the server address and the memory medium identifi- memory medium identification information and use thus 

cation information A. The read-out device 25 reads out its ^ead out server address to be connected to the server and 

memory contents, i.e. the information of the CD-ROMs, ^^^^ transmit thus read out memory medium identification 

floppy disks, CD EXTRAS, etc. information in order to ask for server access permission. 

If a user sets memory medium 4 that he bought to the authentication client 34 is provided with decipher- 
read-out device 25 and gives it necessary comtnands from ^^^^ ^^^^ 3 ^ing to the identification key 
the input device 24 to execute a service request direction to ^^^^^^^ ^^^^ 33,^ decipherment means 32A, which deci- 

a server which has used the memory medium 4, the read-out „u»„ .u^ *v,= ,vi^««.fi 

, , . t r.u ^TiTT J * phers the server address and the memory medium identm- 

device 25 will, under the control of the CPU 21, read out ^ -ic i_ uuu l l j .l.^i. 

ivv 111, uiiu*.,! vyiiuwi vii. lu ^ ^^jjqjj number which have been enciphered so that they can 

stored server address and identification mformation A and 
undergoes fetching by the CPU 21. The CPU 21 then 

activates access authentication means 26 to connect it to the , ^ , . ^ . ^ . . 

server 1 by using the server address read out by the read-out ^^^^^^ mformation of music, miages, and data and those 

device 25 and transmits the memory medium 4's identifi- ,0 P"^^'^"^^ ^^^^^ ^^^^ abovementioned server access 

cation information A via the communication device 22 and authentication program may be wntten with the identifica- 
the network 3, to ask for server access permission to the ^ey issuance server 32 but will generally be done so 

server 1 ^^^^ exclusive-use writer (write-in device). 

On the side of the server 1, on the other hand, the The CPU 21 on the client machine is provided with a 
identification information thus transmitted is received by the 25 ^^^^^^ ^^^^ ^^^^ browser 35, which is an 

access authentication means 17, activated in the CPU 11, exclusive-use program to receive internet information 

that then compares this memory medium 4^s identification service, would execute processing that is needed to receive 

information A to identification information A stored before- service from the server. The CPUll on the server, on the 

hand in the abovementioned memory means 16 and, depend- ^'^er hand, is provided with a WWW server 38, which is an 

ing on the comparison results, gives the client 2 the authen- 30 exclusive-use program to supply mternet information 

tication of server access permission or refusal. Here, the service, and an authentication server 37, equivalent to an 

server access permission authentication is sent to the cHent access authentication control means 17, which controls the 

2, because both the identification information of the memory relevant server access authentication corresponding to the 

medium to which the server access stored in the memory authentication client 34. 

means 16 must be permitted and the identification informa- 35 In the abovementioned client-server system, the user sets 

tion sent from the client 2 are "A." Then, service by the memory medium 33 to a read-out device 25 and then directs 

server 1 starts for the client 2, which will, for example, an input device 24 to activate the server access authentica- 

receive necessary information. tion program for the memory medium 33, Thus, the CPU 21 

HG. 2 shows the detailed configuration of a client-server activates the authentication program 34, to start processing 
system related to the embodiment of the present invention. 40 shown in the FIG. 3 flowchart. 

This embodiment employs an internet 100 as the network. First, at step 1 (SI), the authentication client 34 reads out 

The server machine connected to th internet 100 is provided an identification key consisting of a server address and 

with an identification key table 31 corresponding to the memory medium identification number N from the memory 

memory means 16 in FIG. 1, which stores memory medium medium 33 via the read-out device 25. Then, at S2, the client 

identification numbers and the corresponding access validity 45 34 uses the decipherment means 34A to decipher them and, 

time limits. An example of this identification key table is at S3, uses thus deciphered server address, to be connected 

shown in FIG. 5, storing the validity periods corresponding via the internet 100 to a WWW server 38 corresponding to 

to four-digit identification information. The identification the abovementioned server address and then, at S4, transmits 

information is given a different number for each different the memory medium identification number N. 
memory medium or for each issuance lot of memory 50 The server, on the other hand, receives a connection 

medium. request to connect a WWW server 38 at S5 and receives the 

llie server machine is provided with an identification key memory medium identification number N sent from the 

issuance server 32 as memory medium issuance device, authentication client 34 at S6. The WWW server 38 sends 

which fetches the memory medium identification number thus received memory medium identification number N to 

from the identification key table 31 and also obtains the 55 the authentication server 37. In response to this, the authen- 

relevant server's address (Uniform Resource Locator: URL) tication server 37 reference an identification key table 31 to 

which is, for example, entered by the operator to store this check whether the abovementioned memory medium iden- 

address in the memory medium 33. The identification key tification number N has been registered beforehand at S7. If 

issuance server 32 is provided with encipherment means the number is known to have been registered, based on the 

32A, thereby storing the abovementioned server address and 60 correspondingly stored validity period information, it is 

the memory medium identification number N which have detected whether it is within its validity period at S8. If it is 

been enciphered so that they cannot be used as they are even proved to be within the validity period as the results of this 

if they are read out illegally, Also, if memory medium 33 detection, access permission authentication is sent via the 

happens to be a CD EXTRA, it can be set to the CD player WWW server 38 to the corresponding authentication client 

to be used as a compact disk and also to be used as a 65 34 at S 9. At the same time, the authentication server 37 

CD-ROM to the computer, so that it will store various types issues and transmits an enciphered client identification num- 

of information such as music data, image data, other data, ber C. The authentication client 34, waiting for the authen- 
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ticatioD results, and, when having received the results, 
checks whether the access is permitted or refused at SIO. If 
the access is permitted, service is transferred at Sll. That is, 
the authentication client 34 activates the WWW browser 35 
and also xises the Decipherment means 34A to decipher the 5 
abovementioned enciphered cHent identification informa- 
tion C in order to direct the reception of the service to be 
given to the WWW browser 35, Then, the WWW browser 
35 sends a service start request and also thus deciphered 
client identification information C to the WWW server 38. 
The WWW server 38, when having received the service start 
request and also the deciphered client identification infor- 
mation C, sends that information C to the authentication 
server 37 to inquire whether it is a legal client identification 
number. The authentication server 37 uses its client identi- 
fication information C which has already been issued by not 
enciphered yet, to compare it to the client identification 
number C related to the inquiry and then returns the WWW 
server 38 a response of whether it is legal information or not. 
If it is legal, the WWW server 38 starts service for the 
relevant client. 

If, on the other hand, the memory medium identification 
information is known not to have been registered in the 
identification key table 31 or not to have been within the 
validity period, the authentication server 37 returns access 25 
refusal at S13. The authentication client 34, when having 
received this refusal, posts an authentication error to a 
display device 23 at S14 to end the processing. 

The above procedure enables only the user who bought a 
CD EXTRA storing, for example, some music to enjoy the 30 
corresponding music information via the internet 100. This 
music information is given in such a configuration that its 
lower-order layer comprises artist information and also its 
even lower-order layer comprises new music note and 
concert information, thus providing desired service to the 35 
user. Specifically, with the music information service 
accessed as described above, the user obtains his desired or 
prescribed artist information and then receives the informa- 
tion of the artist concert date or new music note. 

Aside from the abovementioned embodiment, where, for 40 
example, a series of service, i.e. service on music 
information, is provided by the server, one server, as shown 
in FIG. 6 for example, may provide various types of service 
such as music information service, communication educa- 
tion service, and version upgrade service. In such a case, 45 
each unit of memory medium may store each medium 
identification number or a plurality of those numbers 
beforehand, each of which may be selected by the user for 
his service as occasion demands. As shown in FIG. 6 for 
example, the high-order two bits of each four-bit identifi- 50 
cation number can be used to subdivide service. The server, 
on the other hand, holds such a table as shown in FIG. 7 to 
identify the service and the validity period and then provide 
necessary service. 

In this case, on the side of the client, such processing as 55 
shown in FIG. 8 advances. That is, when the server authen- 
tication program is activated, the system indicates at the 
display device 23 which service is to be requested at S31, 
detects whether a direction input is given at S32, if it is 
given, reads out and deciphers the identification number of 60 
the service corresponding to the server address, and based on 
this number, makes an access request at S33, and then 
advances to the execution of processing to receive the 
service at S34. The server, on the other hand, executes such 
processing as shown in FIG. 9. Uliat is, the system uses the 65 
identification number sent from the client and also such table 
as shown in FIG. 7 to identify service corresponding to this 



identification number at S35, to start the corresponding 
service at S36. If, in this case, the identification number has 
not been registered or its validity period has expired, such 
processing as abready described with reference to FIG. 3 will 
be executed. 

Aside from the abovementioned embodiment, in which 
only one server is assumed, there may be another embodi- 
ment where a plurality of servers would provide one or more 
pieces of service so that one piece of memory medium 
receives a plurality of and different types of service. In such 
a case, the server address and the memory medium identi- 
fication number would correspond to the type of service. 
Thus, when server access authentication is to be requested, 
a server address and a memory medium identification num- 
ber which correspond to the service type are to be used. 

The abovementioned embodiments can be applied to such 
a case as to control accesses to protected pages via the 
internet, to manage the in-house access right, and to provide 
via the network the specific masked articles, i.e. those not 
carried, in magazines to which CD-ROMs, etc. are 
appended. 

As described above, the memory medium stores various 
information such as (1) the server address and the memory 
medium identification information; (2) the first program, 
acting as an authentication chent 34 in the above description, 
which permits the computer to read out the abovementioned 
server address and the memory medium identification infor- 
mation and uses thus read out server address to be connected 
to the server and then transmits thus read out memory 
medium identification information to ask for a server access; 
and (3) music, images, other data, etc. In this case, the 
images include still and movable images and the other data 
includes the characters comprising those of image data and 
maps, etc. Other programs than the fist program may be 
stored also. 

In short, the relevant memory medium would store the 
server address, memory medium identification information, 
and all the information other than the first program. 
Therefore, only the user who has this memory medium can 
read out and utilize any information such as the server 
addresses stored in this memory medium, the memory 
medium identification information, and the data other than 
the fist program and also can he surely receive prescribed 
service from prescribed servers by using the stored server 
addresses, the memory medium identification information, 
and the first program. 

What is claimed is: 

1. A client-server system in which clients and servers are 
interconnected via a network, wherein 
each of said clients comprise: 

a read-out device for reading out data from a memory 
medium; 

a memory medium for removably connecting to the 
read-out device, storing a server address and 
memory medium identification information; 

access permission request means for connecting to the 
server using the server address stored in the memory 
medium, and transmitting the memory medium iden- 
tification information to request server access per- 
mission; and 
each of said servers comprise: 

memory means for storing identification information 
for a memory medium for which server access is 
permitted; 

access authentication control means for comparing 
memory medium identification information sent 
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from a client to the identification information stored 
in said memory means, and based on a result of the 
comparison, sends server access permission or 
refusal to the client; 
wherein the access permission request means is stored in 5 
the memory medium as software. 

2. A client -server system as claimed in claim 1, wherein 
the memory means stores information of a period for 

which server access is permitted corresponding to 
identification information stored in the memory 
medium; and 

the access authentication means, based on memory 
medium identification information sent during a 
request from the client for server access permission, 
references the period information stored in said 
memory means and sends the client authentication 
information regarding server access permission or 
refusal. 

3. A client -server system as claimed in claim 1, wherein 
both the server address and the identification information 

stored in the memory medium are enciphered; and 
a client is provided with decipherment means which 
deciphers both the server address and the identification 
information read out from the memory medium. 25 

4. A client-server system as claimed in claim 1, wherein 
the memory medium further stores one of a plurality of 
identification information pieces for each of a plurality of 
service pieces provided by a server. 

5. A server access authentication method used in a client- 30 
server system in which clients and servers are intercon- 
nected via a network, wherein 



10 

a client, comprising a memory medium storing a server 
address and memory medium identification 
information, 

reads out the server address and the memory medium 

identification information using a read-out device; 
connects to a server using the server address read out 

from the memory medimn, and 
transmits identification information read out by said 
read-out device to the server to request server access 
permission; and 
the server, comprising a memory means, 

compares memory medium identification information 
sent from the client to memory medium identifica- 
tion information stored in memory means upon 
receiving a request fi"om the client, for access 
permission, and 
sends to the client authentication information regarding 
server access permission or refusal based on a result 
of the comparison. 
6. A server access authentication method as claimed in 
claim 5, wherein 

the memory means of the server stores information cor- 
responding to the memory medium identification infor- 
mation regarding a period for which server access is 
permitted; 

and the server, based on the memory medium identifica- 
tion information sent from the client requesting server 
access permission references said period information 
stored in the memory means and sends the client 
authentication information regarding server access per- 
mission or refusal. 

« )|e 9|t * « 
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